The House Science Committee on Wednesday will mark up a draft bill that would require the National Institute of Standards and Technology to conduct audits on the effectiveness of federal agencies’ cybersecurity practices, among other measures.

The legislation was posted on the committee’s website today and is identical to language circulated last week to industry and other stakeholders in advance of the committee’s vote later this week.

Major financial firms operating in New York will face stiff cybersecurity obligations under a new regulation introduced in the city.

The rules address a broad range of cybersecurity issues, from the maintenance of written policies, governance and auditing, to detection, defence and response measures, testing requirements and incident reporting.

The new regulation (14-page / 342KB PDF) has been set by the New York State Department of Financial Services (DFS) and will apply to firms holding a banking, insurance or financial services licence to operate in New York. A limited number of exemptions apply, including for firms with few employees or low revenues or assets.

“GAO found that the 27 efforts were fragmented in that they were implemented by three agencies and addressed the same broad area of national need: enhancing the resilience of the electricity grid. However, DOE, DHS, and FERC generally tailored their efforts to contribute to their specific missions,” the report reads.

***

“In light of increasing threats to the nation’s electricity grid, national policies have stressed the importance of enhancing the grid’s resilience—its ability to adapt to changing conditions; withstand potentially disruptive events, such as the loss of power lines; and, if disrupted, to rapidly recover,” GAO wrote.

After eight years of vulnerability, president takes time to hone plan to thwart hackers

Four of the major issues underlying any future U.S. national cybersecurity policy are increased foreign surveillance, upgrading of our federal information systems technologies, reducing our informational deficit, and actively promoting education.

The administration’s executive order on cybersecurity was delayed in part because it appears now that President Donald Trump will likely push for an end to the Obama administration’s cautious and lawyer-like attempts to balance privacy and national security. Additionally, it contained knee-jerk response initiatives that would have created additional major distractions.

The Antitrust Authority published for public comment a new draft of guidelines on information-sharing between competitors for the purpose of contending with cyber threats.

***

The opinion presents guidelines for analyzing the competitive nature of information-sharing and provides criteria for evaluating information-sharing arrangements. It thus increases certainty for entities that want to take part in cybersecurity information-sharing schemes without being concerned about violating provisions of the Restrictive Trade Practices Law.